Intrusion Detection and Prevention / ET Pro Telemetry rules not loading
« on: July 07, 2021, 05:10:30 pm »
I'm trying to get the ET Pro Telemetry rules to load. I have enabled Intrusion Detection, IPS mode, Promiscuous mode, Hyperscan, and chosen the LAN and WAN interfaces (I understand this is how to do it when VLANs are in use). I have installed the os-etpro-telemetry plugin and entered my et_telemetry.token. Under "Download" I have selected all of the ET telemetry rules and enabled them.
When I press "Download & Update Rules" it spins for a bit and then stops. No rules appear under the Rules tab. The Suricata log file (Services > Intrusion Detection > Log File) shows this:
2021-07-07T10:46:34 suricata[83728] [100170] <Notice> -- rule reload complete
2021-07-07T10:46:34 suricata[83728] [100170] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 7 rule files specified, but no rule was loaded at all!
2021-07-07T10:46:34 suricata[83728] [100170] <Notice> -- rule reload starting
The system log (System > Log Files > General) shows the following:
2021-07-07T10:46:34 /rule-updater.py[4309] version response for https://opnsense.emergingthreats.net/api/v1/ruleset/version : {"ruleset": "opnsense-rules.tar.gz", "version": "9790"}
So it looks like it's downloading something, but Suricata is not receiving any rules. Can anyone help me figure out what's going on here? Thanks.